
What is the Easiest Way to Add a Large Number of Definitions?

Greetings Sophos community,

 

At my work, we have a Sophos 210SG UTM. Every few days, we receive lists of risky IP addresses and domains that should be blocked.

 

In the last two weeks, we started receiving huge lists, like 250 IP addresses or 300 domains, that we have to block. And the IP addresses are not ranges or in sequence.

 

I will be able to handle all that with the CLI, but I did not find any reference that could help me deal with the Sophos CLI.

 

In this case, does anybody know the best way to handle such a huge configuration, or at least help me with a solution?

 

Thank you for your time



This thread was automatically locked due to age.
  • You need to look at the REST API, although I have not used it, so I don't know whether it is available for this issue. UTM is designed to be managed through the GUI, so nothing is documented about CLI scripts.

    This also seems like the arcade game of whack-a-mole.  There are 4 billion IPv4 addresses, and an almost-infinite number of IPv6 addresses, so I don't know that you can make much headway entering 250 at a time.

    I also wonder how many entries you can have in your list before UTM performance collapses, either during configuration tasks or during packet processing. Windows folders tend to become very inefficient to browse after they have 2000 entries, so I am extrapolating from bad experiences there.

    Suggest you look at Country Blocking and additional RBLs to preemptively block addresses that you do not need or do not trust.   When you do block an IP address, I would recommend blocking the /24 subnet rather than just one address.

    When our staff travels overseas, they have to notify us of their current IP address, even if it changes every day.   We unblock that one address for remote access and leave the rest of the country blocked.   

    All of this depends of course on your communication requirements, both incoming and outgoing.
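Taking up the REST API pointer in the reply above, the following is an added example (my own, not code from the thread, from Sophos or from any poster) of turning a plain-text IP list into UTM host definitions through that API. It assumes a UTM release that ships the REST API (9.4 and later, to my knowledge) with the API enabled and a token created under WebAdmin; the endpoint paths (`/api/objects/network/host/`, `/api/objects/network/network/`), the JSON field names (`name`, `address`, `resolved`, `netmask`) and the `token:<API_TOKEN>` Basic-auth convention are taken from my reading of the UTM REST API reference and should be checked against the live `/api/` documentation on your own box before the `--apply` run. The sample list is constructed (a few addresses from the thread plus a duplicate and two junk lines) so the filtering is exercised offline; the actual HTTP call is only made when you pass a hostname and token.

```python
"""Bulk-create Sophos UTM network definitions from a plain IP list via the REST API.

Added example, not from the thread. Labelled assumptions:
  - UTM 9.4+ with REST API enabled and an API token created in WebAdmin.
  - Endpoints/fields per the UTM REST API reference (verify on your box):
      POST https://<utm>:4444/api/objects/network/host/    {"name","address","resolved"}
      POST https://<utm>:4444/api/objects/network/network/ {"name","address","netmask"}
      Authorization: Basic base64("token:<API_TOKEN>")
"""
import base64
import ipaddress
import json
import ssl
import sys
import urllib.request

# Constructed sample input: three addresses from the thread, one duplicate,
# one typo and one CIDR range, to show what the parser keeps and rejects.
SAMPLE_LIST = """\
95.186.166.41
93.168.124.122
73.53.94.104
93.168.124.122
not-an-ip
10.0.0.0/8
"""


def parse_ip_list(text):
    """Return (valid, rejected): unique public IPv4 hosts in first-seen order, plus raw rejected lines."""
    seen, valid, rejected = set(), [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            rejected.append(line)          # CIDR, hostnames, typos: review by hand, do not guess
            continue
        if ip.version != 4 or ip.is_private:
            rejected.append(line)          # never push RFC1918 space from an external list unseen
            continue
        if ip not in seen:
            seen.add(ip)
            valid.append(ip)
    return valid, rejected


def host_object(ip, prefix="blk"):
    """Body for POST .../network/host/ (field names assumed from the UTM REST API reference)."""
    return {"name": f"{prefix}_{ip}", "address": str(ip), "resolved": True,
            "comment": "bulk import from external blocklist"}


def slash24_objects(ips, prefix="blk"):
    """One network definition per /24 that contains a listed IP (the reply's 'block the /24' advice)."""
    nets = sorted({ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips})
    return [{"name": f"{prefix}_{n.network_address}_24", "address": str(n.network_address),
             "netmask": n.prefixlen, "resolved": True} for n in nets]


def auth_header(token):
    """UTM REST API: HTTP Basic with the literal user 'token' and the API token as password."""
    return "Basic " + base64.b64encode(f"token:{token}".encode()).decode()


def post_object(base_url, token, path, body, cafile=None):
    """POST one object; returns (status, parsed JSON). Network call, not exercised offline.

    cafile: PEM of the WebAdmin certificate (or its CA) so TLS is verified rather than disabled.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": auth_header(token), "Content-Type": "application/json",
                 "Accept": "application/json",
                 "X-Restd-Err-Ack": "all"})   # acknowledge non-fatal warnings instead of aborting
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status, json.loads(resp.read().decode() or "{}")


if __name__ == "__main__":
    # usage: python utm_bulk.py iplist.txt [--subnets] [--apply https://utm:4444 TOKEN [cafile]]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LIST
    valid, rejected = parse_ip_list(text)
    objs = slash24_objects(valid) if "--subnets" in sys.argv else [host_object(ip) for ip in valid]
    path = "/api/objects/network/network/" if "--subnets" in sys.argv else "/api/objects/network/host/"
    print(f"{len(objs)} objects to create, {len(rejected)} lines rejected: {rejected}")
    if "--apply" in sys.argv:
        i = sys.argv.index("--apply")
        url, token = sys.argv[i + 1], sys.argv[i + 2]
        cafile = sys.argv[i + 3] if len(sys.argv) > i + 3 else None
        for body in objs:
            print(body["name"], post_object(url, token, path, body, cafile)[0])
    else:
        print(json.dumps(objs, indent=2))      # dry run: inspect before touching the box
```

Two caveats that belong with this. First, a host or network definition blocks nothing by itself: the created objects still have to be members of a network group that a drop rule in Network Protection references, and the group is what you keep adding to on the next list. Second, the dry run exists because a government list is still untrusted input; the parser refuses ranges and private space on purpose so that a stray `0.0.0.0/0` or an internal address never becomes a definition without a human looking at it.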

  • Hello,

     

    There is no way via the GUI. I don't think via the CLI either. Because of performance issues I would look into country blocking instead.


    Regards

     

    Jason


    Sophos Certified Architect - UTM

  • Thank you for replying

     

    Well, this is very disappointing that this cannot be done with the CLI. I have worked with Cisco ASA and FortiGate firewalls and I used to use the CLI for bulk configuration, which saved me centuries of time.

     

    Also, I've already enabled country blocking based on the cyber-security requirements in our company, but the wanted IP addresses are randomly scattered around the world.

  • Ahlan and welcome to the UTM Community!

    The problem one has when learning a new metaphor is that it's hard to ask the right questions.

    I don't believe that one needs to do this when using the Sophos UTM, but that assumes that the UTM is otherwise well configured.  Show us 10 or 20 IPs and tell us what threat you want to avoid.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you, Bob.

     

    Actually, I was shocked when I started dealing with Sophos and found that it lacks the granularity and ease of control of some other firewalls that I have dealt with. That's why I am having crazy troubles with Sophos.

     

    Anyway, these requests come from a government entity that instructs the related companies to block the IP addresses it mentions. And I have no idea what the threats behind those IP addresses are. Here is a sample of the IP addresses, if that would help you help me:

    95.186.166.41
    93.168.124.122
    73.53.94.104
    60.214.107.239
    51.39.94.15
    5.82.12.140
    46.38.79.34
    41.69.202.18
    37.99.190.7
    31.205.76.244
    23.233.190.28
    212.12.178.90
    200.98.144.53
    2.89.209.41
    198.36.39.184
    176.241.185.65
    151.38.159.130
    146.251.87.68
    139.199.23.185
    132.232.148.138
    129.208.18.11
    107.184.226.83

    Thank you for your time